VPN through Cisco Router

Hi. I just wish to ask if it's possible to set up two crypto maps in just one router where one crypto map has one ip peer and another crypto map has another ip peer. I tried doing this before but it only works for one peer and not the other.

Thanks.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

mikearama

No, I don't believe you can have multiple crypto maps... you certainly can't on the PIX.

Actually, you can have as many maps as you like, but you can only apply one to an interface. Yeah, that's it. One crypto map to an interface, but you can list mutiple peers inside it, assuming that all the peers can use the same transforms/policies.

EDIT: found this link:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Shows that as long as the name of the map stays consistent, but the sequence number changes, you can apply a crypto map "set" to an interface. Scan down the page to the Apply Crypto Map to Interface section.

Mike

marcusaureliusbrutus

Hi. Thank you for replying. Is it possible if i have two crypto maps and i would apply one crypto map on one interface and another crypto map on another interface?

Thanks.

mikearama

Ah, that's where you're going. Gotcha.

As the maps are tied to the interface, you should have no issue.

Here's a great link doing what you describe:
Terminating IPSec Tunnels on Multiple Cisco Secure PIX Firewall Interfaces with Xauth - Cisco Systems

mzinz

marcusaureliusbrutus wrote: »

Hi. Thank you for replying. Is it possible if i have two crypto maps and i would apply one crypto map on one interface and another crypto map on another interface?

Thanks.

Both of those are public interfaces, correct? ie: they have public IP's and connect directly to the internet?

marcusaureliusbrutus

Hi Guys,

Just to make sure i get it right, if i have two interfaces with public interfaces, connected to two different ISPs, and i have two crypto maps each with its own peer address, i should be able to establish two vpn tunnels? What if the peer address is the same. I mean i would enable one crypto map on both interfaces pointing to just one peer IP, is this possible?